Kubernetes Podcast from Google

Liz Rice from Aqua Security builds penetration testing tools for Kubernetes by day, and runs the KubeCon program by night. Adam and Craig dig into both topics. Do you have something cool to share? Some questions? Let us know: web: kubernetespodcast.com mail: kubernetespodcast@google.com twitter: @kubernetespod Chatter Adam went to Battle Ground Lake State Park Adam and Craig are both going to Google Cloud Next in Tokyo (September 19-20) Craig is also going to Google Cloud Summits in Singapore (September 13), Sydney (September 26) and Hong Kong (October 10) News of the week Google Cloud grants $9M in credits for the operation of the Kubernetes project The Machines Can Do the Work, a Story of Kubernetes Testing, CI, and Automating the Contributor Experience CNCF to host TiKV in the Sandbox New CNCF members CNCF Survey Istio 1.0.1 Forbes contributor Janakiram MSV on Cloud Native TriggerMesh Amazon adds support for Horizontal Pod Autoscaler Kontena 1.3.0 Links from the interview Aqua Security kube-bench kube-hunter: GitHub Launch blog post Introduction video KubeCon & CloudNativeCon: Europe: Copenhagen, May China: Shanghai, November North America: Seattle, December

What does it take to support Kubernetes for other users? Kenneth Massada, a lead for GKE support at Google Cloud, tells Craig and Adam his story. Do you have something cool to share? Some questions? Let us know: web: kubernetespodcast.com mail: kubernetespodcast@google.com twitter: @kubernetespod Chatter Adam lives in Seattle, which is on fire Craig baked some tasty cookies Using this recipe But not using Vegemite, British Marmite or New Zealand Marmite, which are three totally separate things. Only one of which is nice. Hint: it’s the last one News of the week 2018 Kubernetes Steering Committee Elections Binary Authorization on Google Kubernetes Engine kube-hunter from Aqua Security Video Blog Kubernetes issues and solutions from Alexander Lukyanchenko at Avito Cilium 1.2 released Accelerating Envoy with the Linux Kernel James Lee’s blogs on Kubernetes networking Amazon EKS supports GPU-Enabled EC2 instances Links from the interview etcd is hard: Configuration flags OpenAI suggestions on scaling Kubernetes to 2,500 nodes includes a separate events database Kubernetes docs on configuring and upgrading etcd Tina and Fred from Google SRE also discussed etcd on Episode 9 (Or use GKE, where we do it all for you) Other hard concepts: apiVersion: is hard spec: is hard Liveliness and readiness probes - don’t make them the same! Joe Beda thinks of YAML as machine code in Episode 12 What would Ken like to see changed in Kubernetes? Affinity and anti-affinity rules and topology keys Kenneth Massada on Twitter Or summon him with a GCP support case!

Jon Pulsifer is a Production Security Engineer at Shopify, and Canada’s biggest Kubernetes fan. Adam and Craig dig into why, and what Adam’s new mode of transport is going to be. Do you have something cool to share? Some questions? Let us know: web: kubernetespodcast.com mail: kubernetespodcast@google.com twitter: @kubernetespod Chatter Sling TV using Kubernetes Tesla using Kubernetes? MITMproxy, Charles and Fiddler Intercept HTTP traffic exiting a docker container Adam has a lot of EconoLodge points Not as many as Software Defined Talk hosts Matt Ray and Michael Coté Craig thinks he should spend them on the Pepsi jet as seen in this wonderful video News of the week Service Networking in a Hybrid Infrastructure by Praveen Shukla from GoJek KubeCon and CloudNativeCon China Craig’s session 7 best practices for operating containers by Théo Chamley from Google Cloud kustomize on Homebrew for macOS Understanding the Container Storage Interface (CSI) by Anoop Vijayan Maniankara The Istio 1.0 Release Stream or jump straight to the part with Dan Ciruli from episode 15 Links from the interview Royal Canadian Navy - Canadian Forces NOC SANS institute and instructors Jon Pulsifer is a Production Security Engineer at Shopify Why Shopify Moved to The Production Engineering Model Production Engineering from Facebook SRE from Google They’re hiring! Shopify’s adopting Kubernetes and Google Cloud The evolution of Kubernetes security Before RBAC, you used to have to mount an empty directory over the service account to disable access to it seccomp and AppArmor RBAC PodSecurityPolicy gVisor and Kata Containers Planning for Secure Container Isolation in Kubernetes RuntimeClass enhancement proposal Binary Authorization Launch blog post Kritis - open source reference implementation of Binary Authorization (the judge) Grafaes - API spec for Container Analysis API Shopify Voucher, a tool that creates attestations for Binary Authorization and prevents the deployment of images that don’t meet Shopify’s security requirements. Jon’s talk on Binary Authorization at Google Cloud Next: Securing the Software Supply Chain Shopify’s $25,000 Kubernetes bug bounty payout What is a server-side request forgery? Getting started with security by reading kubesec.io Around Ottawa Kubernetes Ottawa meetup GDG Cloud Ottawa Jon’s car Jon Pulsifer on Twitter

Tim Kelton is co-founder and cloud architect for Descartes Labs. Prior to starting Descartes Labs, he was a R&D engineer for 15 years at Los Alamos National Laboratory, working on problem areas such as deep learning, space systems, nuclear non-proliferation, and counterterrorism. Tim talks to Craig and Adam about the use of Kubernetes and Istio in geopolitics, machine learning and food supply. Do you have something cool to share? Some questions? Let us know: web: kubernetespodcast.com mail: kubernetespodcast@google.com twitter: @kubernetespod News of the week Cloud Native Computing Foundation Announces Prometheus Graduation OpenMetrics project accepted into CNCF Sandbox An Exciting New Direction for the Kubic project Demystifying RBAC in Kubernetes Kubebuilder 1.0 scaffolds (with a C) Kubernetes APIs and operators Getting Started GitHub Operator Lifecycle Management - it’s operators all the way down Links from the interview Descartes Labs Climate Change and Rising Food Prices Heightened Arab Spring Why DARPA Funded a Farm Tech Startup Announcing our $30M Series B Global-scale water monitoring in the cloud Beowulf clusters (a Slashdot meme) Omega and Borg papers Mountain biking in Sedona Descartes Labs Python client SRE books: Site Reliability Engineering The Site Reliability Workbook - free until August 23 Descartes Labs talks from Cloud Next ‘18: SRE Quality Operations for Your Services Using the Istio Service Mesh & Stackdriver - with Tim Kelton and Jay Judkowitz from Stackdriver Service Monitoring How Computers See the Earth: A ML Approach to Understanding Satellite Imagery with Kyle Story Building Multi-Tenancy ML Applications with GKE and Istio to Better Understand the Earth with Tim Kelton and Sam Skillman Descartes Labs GeoVisual Search - find the squares on the globe that look most like a given square Tim Kelton on Twitter

Istio has hit 1.0, and there’s no-one better to tell you about it than Jasmine Jaksic and Dan Ciruli from Google Cloud. Adam and Craig bring you this, as well as the news from the ecosystem. Do you have something cool to share? Some questions? Let us know: web: kubernetespodcast.com mail: kubernetespodcast@google.com twitter: @kubernetespod News of the week Kubernetes now in Docker Desktop Harbor enters the CNCF sandbox Azure Metrics Adapter CloudBees Core GA on AKS Red Hat OpenShift Container Platform 3.10 3.11 Codefresh Enterprise Synchronizing Kubernetes secrets with LastPass at Upside Istio nightly on EKS at Tetrate Links from the interview Announcing Istio 1.0 SRE Quality Operations for Your Services Using the Istio Service Mesh and Google Stackdriver, featuring Tim Kelton from Descartes Labs (who presented at the Toronto event two years ago, and has been using Istio in production since 0.2) Google’s Cloud Services Platform Kubernetes Podcast episode 13 on Cloud Services Platform with Aparna Sinha (It’s Dan’s favorite episode so far) Istio à la carte; a presentation by Dan Istio and the future of service meshes; an article by Jasmine The Istio project: The URL (The IP address is 104.198.14.52) Community page, listing Google Groups Rocket Chat for users Twitter Jasmine Jaksic and Dan Ciruli on Twitter

One of the most interesting announcements from Google Cloud Next was Knative, a framework for building serverless products on top of Kubernetes. Craig and Adam talk to Google Director of Product Management, Oren Teich, about the launch. Do you have something cool to share? Some questions? Let us know: web: kubernetespodcast.com mail: kubernetespodcast@google.com twitter: @kubernetespod News of the week Google’s Cloud Services Platform: Recapping GKE On-Prem and Knative Cloud Services Platform session video with Chen Goldberg and Aparna Sinha Google Cloud Build GitHub integration Knative analysis: Joe Beda’s TGI Kubernetes on Knative Using the Knative build system by itself Visual descriptions: Kubernetes: the theme park analogy The Kubernetes Comic Kubernetes blog posts: KubeVirt: Extending Kubernetes with CRDs for Virtualized Workloads Feature highlight: CPU Manager Links from the interview Oren Teich on Twitter About Knative: Launch blog post Knative page at Google Cloud GitHub Slack Google Cloud Next videos: Serverless at Google Cloud, with Oren Teich High-level video intro to GKE Serverless add-on and Knative, with DeWitt Clinton and Ryan Gregg Request early access to the Serverless add-on for GKE Developer video intro to Knative, with Ville “Fifth Beatle” Aikas and Mark Chmarny Mark’s Knative samples IBM “Zed Series”

Learn about the announcements from Google Cloud Next, including GKE On-Prem, Cloud Services Platform, and Istio 1.0. Google’s product management lead for Kubernetes and CNCF governing board member Aparna Sinha joins Adam and Craig to discuss what’s new. Do you have something cool to share? Some questions? Let us know: web: kubernetespodcast.com mail: kubernetespodcast@google.com twitter: @kubernetespod News of the week Rugby Sevens World Cup Kubernetes wins the OSCON award for most impactful Open Source project When Does Kubernetes Become Invisible And Ubiquitous? Links from the interview Aparna Sinha on Twitter Google Power Women Of The Cloud Cloud Services Platform: Launch blog Web site GKE On-Prem Knative Cloud Build Bringing the best of serverless to you Next OnAir

Joe Beda, Craig McLuckie and Brendan Burns are considered the “co-founders” of Kubernetes; working with the cluster management teams at Google, they made the case that their implementation of the Borg and Omega patterns should become a proper product. Joe and Craig now run Heptio, a company working to bring Kubernetes to the enterprise. Your hosts talk to Joe Beda about the history of Kubernetes, creating a diverse company, and what exactly is wrong with YAML. Do you have something cool to share? Some questions? Let us know: web: kubernetespodcast.com mail: kubernetespodcast@google.com twitter: @kubernetespod News of the week Minimal Ubuntu Sysdig security blog series Why Red Hat think Kubernetes is the new application server Deep dive blog posts for Kubernetes 1.11: IPVS-Based in cluster load balancing CoreDNS for Kubernetes Cluster DNS Resizing Persistent Volumes Dynamic Kubelet configuration Interview transcript blog post for Episode 10 with Josh Berkus and Tim Pepper Elastifile announce Kubernetes and Tensorflow integration Heptio Ark v0.9.0 Links from the interview Joe Beda on Twitter Heptio Heptio Blog 4 years of Kubernetes blog post Heptio open source projects: ksonnet Heptio Ark Heptio Sonobuoy Heptio Contour Heptio Gimbal What’s wrong with YAML? YAML as machine language Metaparticle kustomize TGI Kubernetes video series

Helm and its Charts help you manage Kubernetes applications. Vic Iglesias, a Solutions Architect at Google Cloud, is a maintainer of the Helm charts repository. He talks to Craig and Adam about how people are using Helm, and where the project is going. Do you have something cool to share? Some questions? Let us know: web: kubernetespodcast.com mail: kubernetespodcast@google.com twitter: @kubernetespod News of the week Google announces Jib, for building Java containers Jib on GitHub MongoDB operator for Kubernetes OpenFaaS Operator Pivotal PKS 1.1 released VMware’s take OpenSDS releases their first release, Aruba Codefresh raises $8M Series B round for its container-centric CI/CD platform What the funding means to Codefresh Links from the interview Helm website Helm docs Helm GitHub repo Helm Twitter Helm Slack channel Helm Blog Vic Iglesias’s Twitter

A special extended episode going deep on the process of releasing Kubernetes, and this week’s 1.11 release in particular. Hear from Josh Berkus from Red Hat and Tim Pepper from VMware, release manager and shadow release manager for Kubernetes 1.11, on how a release team is put together, the good and the bad of 1.11, and how Kubernetes is like a pastry oven. Don’t you think it’s about time you said hello? web: kubernetespodcast.com mail: kubernetespodcast@google.com twitter: @kubernetespod News of the week Kubernetes 1.11 released Google’s summary of Kubernetes 1.11 VMware Kubernetes Engine Google Cloud Filestore, for hosted NFS on GKE Apply for early access The plan for Helm 3 Consul Connect service mesh Links from the interview SIG-Release 1.11 Release Team 1.12 Release Team Release calendar for 1.11 Feature branches SIG-Scalability Performance tests CI Signal role Breaking changes in release notes Priority and preemption enabled by default JSON decoders should be case sensitive Bug triage lead Growing In Your Contributor Role from Tim at KubeCon EU Last Week in Kubernetes Development from Josh Josh Berkus Twitter GitHub Blog Pottery & baking Tim Pepper Twitter GitHub Portland Timbers and Portland Thorns